Security-Experts-Community
/
open-xp-rules
Open repository of rules written in the eXtraction and Processing (XP) language
Apache License 2.0
20
stars
44
forks
issues
Resolves #373
#387
DmitryOffsec
closed
4 months ago
2
OSW#2: Task-21
#386
aw350m33d
closed
3 months ago
2
OSW#2: Task-20
#385
aw350m33d
closed
3 months ago
3
OSW#2: Task-19
#384
aw350m33d
closed
4 months ago
0
OSW#2: Task-18
#383
aw350m33d
closed
4 months ago
1
OSW#2: Task-17
#382
aw350m33d
closed
4 months ago
2
OSW#2: Task-16
#381
aw350m33d
closed
4 months ago
1
OSW#2: Task-15
#380
aw350m33d
opened
5 months ago
7
OSW#2: Task-14
#379
aw350m33d
closed
4 months ago
5
OSW#2: Task-13
#378
aw350m33d
closed
4 months ago
0
OSW#2: Task-12
#377
aw350m33d
closed
4 months ago
0
OSW#2: Task-11
#376
aw350m33d
closed
4 months ago
0
OSW#2: Task-10
#375
aw350m33d
closed
4 months ago
0
OSW#2: Task-9
#374
aw350m33d
closed
4 months ago
0
OSW#2: Task-8
#373
aw350m33d
closed
4 months ago
0
OSW#2: Task-7
#372
aw350m33d
opened
5 months ago
0
OSW#2: Task-6
#371
aw350m33d
closed
4 months ago
5
OSW#2: Task-5
#370
aw350m33d
closed
4 months ago
14
OSW#2: Task-4
#369
aw350m33d
closed
4 months ago
4
OSW#2: Task-3
#368
aw350m33d
closed
3 months ago
0
OSW#2: Task-2
#367
aw350m33d
closed
4 months ago
0
OSW#2: Task-1
#366
aw350m33d
closed
4 months ago
3
Added MacOS es-logger normalizations
#364
aw350m33d
closed
5 months ago
0
Sysmon bypass detections
#363
driverenok
closed
5 months ago
0
Added norm EventID 255 for Microsoft-Windows-Sysmon provider
#362
driverenok
closed
5 months ago
0
Kernel event tracing normalization
#361
driverenok
closed
6 months ago
0
Major update of the Linux Audit normalizations
#360
RChernov
closed
1 year ago
0
Detection of CVE_2023_42793 exploitation
#359
bobyboba18
closed
1 year ago
0
Added CVE-2023-38831 detection
#358
g4n8g
closed
1 year ago
0
Fixes for the Linux normalizations section
#357
RChernov
closed
1 year ago
0
fix for dcsync (feature/CA_DCSync_4662) in SYSTEM account scenario
#356
ilia-familia
closed
1 year ago
0
Unit tests for mitre attack rules
#355
shadow2033
opened
1 year ago
0
SharpNoPSExec detection
#354
driverenok
closed
1 year ago
0
SmbExec detection
#353
driverenok
closed
1 year ago
0
Detection of SMBExec activity
#352
aw350m33d
closed
1 year ago
0
Detection of access to the lsass process - Fix
#351
driverenok
closed
1 year ago
0
Detection of privilege escalation via AccessToken manipulation
#350
driverenok
opened
1 year ago
0
Wrote correlation rule XSLT_XML_Suspicious_Powershell_Execution
#349
khgvad
closed
4 months ago
0
Wrote rule Suspicious_SCT_Execution
#348
khgvad
closed
4 months ago
0
[DUPLICATE] Duplicated logic in the local group reconnaissance rules
#347
aw350m33d
opened
1 year ago
0
Added rules to detect vssadmin, wbadmin, bcdedit via process start
#346
arssing
closed
4 months ago
2
Added a rule detecting proxy execution of a binary via…
#345
Gpaul0
closed
1 year ago
0
Added a rule detecting the launch of a PS script that creates a fake…
#344
Gpaul0
closed
1 year ago
0
Added a rule detecting use of the hidden attribute on file…
#343
Gpaul0
closed
1 year ago
0
Detection of the Access Token Manipulation technique via a CreateProcessAsUser call - Update
#342
driverenok
closed
1 year ago
0
Detection of enabling the SeDebugPrivilege privilege - Update
#341
driverenok
closed
1 year ago
0
Detection of vshadow.exe spawning a child process - fix
#340
driverenok
closed
1 year ago
0
Feature/privesc krb relay up windows 4624
#339
Sagatjkeee
closed
1 year ago
0
Added a rule detecting PPLdump and Dll hijack
#338
Gpaul0
closed
1 year ago
0
Added a rule to detect wmiexec usage
#337
khgvad
closed
1 year ago
0